Fixed: Only allow simple LIMIT clause on non-SELECT queries.
mynetx committed Nov 20, 2011
1 parent 700512d commit c93fb36
Showing 2 changed files with 18 additions and 8 deletions.
13 changes: 9 additions & 4 deletions classes/connector.mysql.easy.class.php
@@ -446,7 +446,7 @@ protected function _buildQuery($intType = MONTY_QUERY_SELECT)
}
$strQuery .= $this->_buildQueryWheres();
$strQuery .= $this->_buildQuerySorts();
$strQuery .= $this->_buildQueryLimit();
$strQuery .= $this->_buildQueryLimit($intType);
break;

case MONTY_QUERY_INSERT:
@@ -472,15 +472,15 @@ protected function _buildQuery($intType = MONTY_QUERY_SELECT)
$strQuery .= $this->_buildQueryFields($intType);
$strQuery .= $this->_buildQueryWheres();
$strQuery .= $this->_buildQuerySorts();
$strQuery .= $this->_buildQueryLimit();
$strQuery .= $this->_buildQueryLimit($intType);
break;

case MONTY_QUERY_DELETE:
$strQuery = 'DELETE FROM';
$strQuery .= ' `' . $this->_arrTables[0][0] . '`';
$strQuery .= $this->_buildQueryWheres();
$strQuery .= $this->_buildQuerySorts();
$strQuery .= $this->_buildQueryLimit();
$strQuery .= $this->_buildQueryLimit($intType);
break;

case MONTY_QUERY_TRUNCATE:
@@ -565,15 +565,20 @@ protected function _buildQueryFields($intType)
/**
* Monty_MySQL_Easy::_buildQueryLimit()
*
* @param int $intType
* @return string $strLimit
*/
protected function _buildQueryLimit()
protected function _buildQueryLimit($intType)
{
$strLimit = '';
if ($this->_intLimitStart !== null)
{
$strLimit = ' LIMIT ' . $this->_intLimitStart . ', ' . $this->_intLimitCount;
}
if ($intType != MONTY_QUERY_SELECT && $this->_intLimitCount !== null)
{
$strLimit = ' LIMIT ' . $this->_intLimitCount;
}
return $strLimit;
}

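Review bot: In `_buildQueryLimit()` the new non-SELECT branch silently discards `_intLimitStart`, so an UPDATE or DELETE built with an offset now acts on the first `_intLimitCount` rows instead of the range the caller asked for; for a destructive statement it would be safer to reject the offset than to quietly rewrite it. The first branch is also still taken for non-SELECT types, so if `_intLimitStart` is set while `_intLimitCount` is null the `LIMIT start, ` form is still emitted; guarding that branch with `$intType == MONTY_QUERY_SELECT` would close the gap. Both limit values are concatenated into the SQL text as-is and their setters are outside this hunk, so unless those already cast, I would emit `' LIMIT ' . (int) $this->_intLimitCount` (and likewise for the start value) at the point of concatenation. The same code is added to `_buildQueryLimit()` in classes/connector.mysqli.easy.class.php, and the note applies there as well.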
13 changes: 9 additions & 4 deletions classes/connector.mysqli.easy.class.php
@@ -450,7 +450,7 @@ protected function _buildQuery($intType = MONTY_QUERY_SELECT)
}
$strQuery .= $this->_buildQueryWheres();
$strQuery .= $this->_buildQuerySorts();
$strQuery .= $this->_buildQueryLimit();
$strQuery .= $this->_buildQueryLimit($intType);
break;

case MONTY_QUERY_INSERT:
@@ -476,15 +476,15 @@ protected function _buildQuery($intType = MONTY_QUERY_SELECT)
$strQuery .= $this->_buildQueryFields($intType);
$strQuery .= $this->_buildQueryWheres();
$strQuery .= $this->_buildQuerySorts();
$strQuery .= $this->_buildQueryLimit();
$strQuery .= $this->_buildQueryLimit($intType);
break;

case MONTY_QUERY_DELETE:
$strQuery = 'DELETE FROM';
$strQuery .= ' `' . $this->_arrTables[0][0] . '`';
$strQuery .= $this->_buildQueryWheres();
$strQuery .= $this->_buildQuerySorts();
$strQuery .= $this->_buildQueryLimit();
$strQuery .= $this->_buildQueryLimit($intType);
break;

case MONTY_QUERY_TRUNCATE:
@@ -569,15 +569,20 @@ protected function _buildQueryFields($intType)
/**
* Monty_MySQLI_Easy::_buildQueryLimit()
*
* @param int $intType
* @return string $strLimit
*/
protected function _buildQueryLimit()
protected function _buildQueryLimit($intType)
{
$strLimit = '';
if ($this->_intLimitStart !== null)
{
$strLimit = ' LIMIT ' . $this->_intLimitStart . ', ' . $this->_intLimitCount;
}
if ($intType != MONTY_QUERY_SELECT && $this->_intLimitCount !== null)
{
$strLimit = ' LIMIT ' . $this->_intLimitCount;
}
return $strLimit;
}
